SlideShare una empresa de Scribd logo

Compliance what does security have to do with it

Descargar como PPTX, PDF
nCircle - a Tripwire Company
nCircle - a Tripwire Company

nCircle Compliance Webinar July 2012

Tecnología
1 de 13
Compliance: What Does Security Have To Do With It? Thank you for joining us. The webinar will start shortly. © nCircle 2012. All rights reserved.
Compliance: What Does Security Have To Do With It? © nCircle 2012. All rights reserved.
Introductions: Panelists Rodney Brown CISSP, GIAC GISP, ITILv3 Andrew Storms Shelley Boose Dir. Security Operations Dir., Public Relation nCircle Tim Erlin Elizabeth Ireland Dir., IT Security and Risk Strategy VP, Marketing nCircle 3 © nCircle 2012 All rights reserved. nCircle Company Confidential
Which compliance regulations does your organization need to comply with? (check all that apply)  SOX  NERC  FISMA  HIPAA  PCI  GLBA  PIPEDA  Too many to name 4 © nCircle 2012 All rights reserved. nCircle Company Confidential
How often does your organization have audits?  Annually  Quarterly  Monthly  Auditors live here 5 © nCircle 2012 All rights reserved. nCircle Company Confidential
Does your security team spend too much time on audit requests?  Seems like that’s all we do  Audit requests take at more than half of our time  Occasional resource problem  We have plenty of resources to do both 6 © nCircle 2012 All rights reserved. nCircle Company Confidential
In your experience, how aligned are security and compliance efforts?  Mostly aligned  Somewhat aligned  Barely related 7 © nCircle 2012 All rights reserved. nCircle Company Confidential
Does your security team have the necessary executive support?  Yes  No  What executive support? 8 © nCircle 2012 All rights reserved. nCircle Company Confidential
In your organization, do security efforts suffer because compliance requirements drive the budget?  Yes  No 9 © nCircle 2012 All rights reserved. nCircle Company Confidential
What percentage of your security operations program is automated?  25% or less  26 – 50%  more than 50% 10 © nCircle 2012 All rights reserved. nCircle Company Confidential
In which of the following types of tools has your organization invested the most budget?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 11 © nCircle 2012 All rights reserved. nCircle Company Confidential
What’s the next major tool investment your organization has planned?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 12 © nCircle 2012 All rights reserved. nCircle Company Confidential
Thank you for participating! Continue the conversation in our online community connect.ncircle.com 13 © nCircle 2012 All rights reserved. nCircle Company Confidential

Recomendados

Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)John Dillard
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityTerell Jones
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Skybox Security
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
Security on a budget
Security on a budget Security on a budget
Security on a budget nCircle - a Tripwire Company
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredNetIQ
 
Security Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceSecurity Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceJoshua Berman
 

Recomendados

Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)Insider Threats (RIMS 2012)
Insider Threats (RIMS 2012)John Dillard
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityTerell Jones
 
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...
Out With the Old, In With the New – Reinvent and Justify Your 2013 Security S...Skybox Security
 
Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Alfresco Virtual DevCon 2020 - Security First!
Alfresco Virtual DevCon 2020 - Security First!Jason Jolley
 
Security on a budget
Security on a budget Security on a budget
Security on a budget nCircle - a Tripwire Company
 
Security Testing for Test Professionals
Security Testing for Test ProfessionalsSecurity Testing for Test Professionals
Security Testing for Test ProfessionalsTechWell
 
Do Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredDo Security Like a Start Up or Get Fired
Do Security Like a Start Up or Get FiredNetIQ
 
Security Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceSecurity Kung Fu: Security vs. Compliance
Security Kung Fu: Security vs. ComplianceJoshua Berman
 
Venafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsVenafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsnickjplott
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentConSanFrancisco123
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the SilosNeil Curran MSc CISSP CRISC CGEIT CISM CISA
 
Certifications on Security - IS AUDIT
Certifications on Security - IS AUDITCertifications on Security - IS AUDIT
Certifications on Security - IS AUDITShahzeb Pirzada
 
Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationThomas Bronack
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?🙃 Mario Platt
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)HCL Technologies
 
CDW Security Practice
CDW Security PracticeCDW Security Practice
CDW Security Practicetimmay0220
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalRobin Lutchansky
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoHP Enterprise Italia
 
Forrester Infographic
Forrester Infographic Forrester Infographic
Forrester Infographic Thang Cao (He/Him)
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Breaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great PlainsBreaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great Plainssurferdave71
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesOllie Whitehouse
 
Automate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisAutomate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisCarlos Andrés García
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithSolarWinds
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 
Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)nCircle - a Tripwire Company
 
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionApplying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionnCircle - a Tripwire Company
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 

Más contenido relacionado

La actualidad más candente

Venafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsVenafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsnickjplott
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...Eric Vanderburg
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentConSanFrancisco123
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...IT Network marcus evans
 
Certifications on Security - IS AUDIT
Certifications on Security - IS AUDITCertifications on Security - IS AUDIT
Certifications on Security - IS AUDITShahzeb Pirzada
 
Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationThomas Bronack
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?🙃 Mario Platt
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)HCL Technologies
 
CDW Security Practice
CDW Security PracticeCDW Security Practice
CDW Security Practicetimmay0220
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalRobin Lutchansky
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoHP Enterprise Italia
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Eric Vanderburg
 
Breaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great PlainsBreaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great Plainssurferdave71
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesOllie Whitehouse
 
Automate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisAutomate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisCarlos Andrés García
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithSolarWinds
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Education & Training Boards
 

La actualidad más candente (19)

Venafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findingsVenafi 2012 risk audit survey findings
Venafi 2012 risk audit survey findings
 
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
2017 March ISACA Security Challenges with the Internet of Things - Eric Vande...
 
Making Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software DevelopmentMaking Threat Modeling Useful To Software Development
Making Threat Modeling Useful To Software Development
 
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
Why IT Systems Need to Conduct IT System Penetration Tests - Chris Gatford, N...
 
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
2014 Conference Brochure - GRC 2.0 Breaking Down the Silos
 
Certifications on Security - IS AUDIT
Certifications on Security - IS AUDITCertifications on Security - IS AUDIT
Certifications on Security - IS AUDIT
 
Achieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate CertificationAchieving Enterprise Resiliency and Corporate Certification
Achieving Enterprise Resiliency and Corporate Certification
 
To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?To dev secops or not to devsecops is that a question ?
To dev secops or not to devsecops is that a question ?
 
Intrusion Detection System (IDS)
Intrusion Detection System (IDS)Intrusion Detection System (IDS)
Intrusion Detection System (IDS)
 
CDW Security Practice
CDW Security PracticeCDW Security Practice
CDW Security Practice
 
Thread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final FinalThread Fix Tour Presentation Final Final
Thread Fix Tour Presentation Final Final
 
Cyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercatoCyber Warfare e scenari di mercato
Cyber Warfare e scenari di mercato
 
Forrester Infographic
Forrester Infographic Forrester Infographic
Forrester Infographic
 
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
Cybersecurity Incident Response Strategies and Tactics - RIMS 2017 - Eric Van...
 
Breaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great PlainsBreaking Microsoft Dynamics Great Plains
Breaking Microsoft Dynamics Great Plains
 
Private sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodesPrivate sector cyber resilience and the role of data diodes
Private sector cyber resilience and the role of data diodes
 
Automate and Enhance Application Security Analysis
Automate and Enhance Application Security AnalysisAutomate and Enhance Application Security Analysis
Automate and Enhance Application Security Analysis
 
Threat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned WithThreat Intelligence + SIEM: A Force to be Reckoned With
Threat Intelligence + SIEM: A Force to be Reckoned With
 
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
Denis Hackett M.Sc. - IDC Presentation Sept 2014 Croke Park Sept25 - Denis Ha...
 

Similar a Compliance what does security have to do with it

Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionApplying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionnCircle - a Tripwire Company
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityPhil Agcaoili
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierThe Lorenzi Group
 
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCapgemini
 
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared CarstensenCyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensenjaredcarst
 
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThreatConnect
 
LinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyLinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyChris Niggel
 
Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Patrick Florer
 
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Investorideas.com
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategyJason Clark
 
What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?Randy Morgan CSP, CPC
 
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk IqFinding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk IqJoe Oringel
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber SecurityStacy Willis
 
System Center 2012 - IT GRC
System Center 2012 - IT GRCSystem Center 2012 - IT GRC
System Center 2012 - IT GRCNorman Mayes
 
Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012AT Internet
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlCipherCloud
 
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-CompliancePCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliancekhalavak
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! EMC
 

Similar a Compliance what does security have to do with it (20)

Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)Real world security webinar (v2012-05-30)
Real world security webinar (v2012-05-30)
 
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and ActionApplying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
Applying Boyd's OODA Loop Strategy to Drive IT Security Decision and Action
 
What CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber SecurityWhat CIOs and CFOs Need to Know About Cyber Security
What CIOs and CFOs Need to Know About Cyber Security
 
Digital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next FrontierDigital Forensics: Yesterday, Today, and the Next Frontier
Digital Forensics: Yesterday, Today, and the Next Frontier
 
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powellCWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
CWIN17 telford gdpr or how to eat the elephant a bit at a time - andy powell
 
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared CarstensenCyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
Cyber Threats & Cybersecurity - Are You Ready? - Jared Carstensen
 
The Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence WebinarThe Business Benefits of Threat Intelligence Webinar
The Business Benefits of Threat Intelligence Webinar
 
LinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security PolicyLinkedIn - Creating a Cloud Security Policy
LinkedIn - Creating a Cloud Security Policy
 
Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12Isaca houston presentation 12 4 12
Isaca houston presentation 12 4 12
 
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
Speaker Kiersten E. Todt, President and Managing Partner, Liberty Group Ventu...
 
"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy"Thinking diffrent" about your information security strategy
"Thinking diffrent" about your information security strategy
 
What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?What makes an ideal breeding ground for dishonest behavior?
What makes an ideal breeding ground for dishonest behavior?
 
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk IqFinding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
Finding Money & Detecting Fraud Super Strategies 2009 By Visual Risk Iq
 
Credit Union Cyber Security
Credit Union Cyber SecurityCredit Union Cyber Security
Credit Union Cyber Security
 
System Center 2012 - IT GRC
System Center 2012 - IT GRCSystem Center 2012 - IT GRC
System Center 2012 - IT GRC
 
Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012Kpi & measurement strategy - AT Internet - jump 2012
Kpi & measurement strategy - AT Internet - jump 2012
 
Continuous Monitoring 2.0
Continuous Monitoring 2.0Continuous Monitoring 2.0
Continuous Monitoring 2.0
 
Shadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining ControlShadow IT: The CISO Perspective on Regaining Control
Shadow IT: The CISO Perspective on Regaining Control
 
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-CompliancePCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
PCI Amsterdam: 27.11.2014: Rocky-Road-to-PCI-Compliance
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore!
 

Último

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 

Último (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 

Compliance what does security have to do with it

  • 1. Compliance: What Does Security Have To Do With It? Thank you for joining us. The webinar will start shortly. © nCircle 2012. All rights reserved.
  • 2. Compliance: What Does Security Have To Do With It? © nCircle 2012. All rights reserved.
  • 3. Introductions: Panelists Rodney Brown CISSP, GIAC GISP, ITILv3 Andrew Storms Shelley Boose Dir. Security Operations Dir., Public Relation nCircle Tim Erlin Elizabeth Ireland Dir., IT Security and Risk Strategy VP, Marketing nCircle 3 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 4. Which compliance regulations does your organization need to comply with? (check all that apply)  SOX  NERC  FISMA  HIPAA  PCI  GLBA  PIPEDA  Too many to name 4 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 5. How often does your organization have audits?  Annually  Quarterly  Monthly  Auditors live here 5 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 6. Does your security team spend too much time on audit requests?  Seems like that’s all we do  Audit requests take at more than half of our time  Occasional resource problem  We have plenty of resources to do both 6 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 7. In your experience, how aligned are security and compliance efforts?  Mostly aligned  Somewhat aligned  Barely related 7 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 8. Does your security team have the necessary executive support?  Yes  No  What executive support? 8 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 9. In your organization, do security efforts suffer because compliance requirements drive the budget?  Yes  No 9 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 10. What percentage of your security operations program is automated?  25% or less  26 – 50%  more than 50% 10 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 11. In which of the following types of tools has your organization invested the most budget?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 11 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 12. What’s the next major tool investment your organization has planned?  Vulnerability management  Configuration auditing  Patch management  Identity and access management  Antivirus and endpoint protection  Penetration testing  Malware detection  Data loss prevention  Governance risk and compliance  Other 12 © nCircle 2012 All rights reserved. nCircle Company Confidential
  • 13. Thank you for participating! Continue the conversation in our online community connect.ncircle.com 13 © nCircle 2012 All rights reserved. nCircle Company Confidential